php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #27060 Change Novell passwords via ldap
Submitted: 2004-01-27 11:11 UTC Modified: 2014-12-30 10:41 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: chris dot brown at arlington dot k12 dot va dot us Assigned:
Status: No Feedback Package: LDAP related
PHP Version: * OS: Irrelevant
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-01-27 11:11 UTC] chris dot brown at arlington dot k12 dot va dot us
Description:
------------
/*
----------------------------------------------------------------------
 January 27, 2004 

 This is code I wrote to add to ldap.c under PHP 4.2.1.
 The code was originally written May of 2002
 I was asked to submit it as a feature request to the maintainers
    of the php_ldap module.
 The code allows users to change Novell NDS passwords and Novell
    Simple passwords via the eDirectory 8 LDAP interface.
 The code allows for both user and admin password changes.  If the
    "old" password is not supplied, it assumes that the user must
    have admin rights to change the password.
 The trick to changing the NDS password via LDAP as a user is that
    you have to delete the old value and add the new value in the
    same transaction.

 REF: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2953444.htm
 REF: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10066348.htm

 Chris Brown
 Arlington Public Schools
 1426 North Quincy Street
 Arlington, VA. 22207
 chris.brown@arlington.k12.va.us

----------------------------------------------------------------------
*/


Reproduce code:
---------------
#define LDAP_CONTROL_SIMPLEPASSWORD  "2.16.840.1.113719.1.27.101.5"

/* {{{ proto bool ldap_edir_user_password_change(resource link, string dn, string oldpassword, string newpassword)
*/
PHP_FUNCTION(ldap_edir_user_password_change)
{                                                                                                                                           
        pval **link, **dn, **oldpassword, **newpassword ;

        char *ldap_dn;
        ldap_linkdata *ld;

        char    *oldValues[2], *newValues[2];

        LDAPMod  oldPass, newPass;
        LDAPMod *ldap_mods[4];

        LDAPControl  simplePassword_control;
        LDAPControl *ldap_controls[2];


        char tempstr[255];
        int  err;


 
        if (ZEND_NUM_ARGS() != 4 || zend_get_parameters_ex(4, &link, &dn, &oldpassword, &newpassword) == FAILURE) {
                WRONG_PARAM_COUNT;
        }

        if (Z_TYPE_PP(oldpassword) != IS_STRING) {
                php_error(E_WARNING, "LDAP: Expected String in thrid element");
                RETURN_FALSE;
        }
        if (Z_TYPE_PP(newpassword) != IS_STRING) {
                php_error(E_WARNING, "LDAP: Expected String in forth element");
                RETURN_FALSE;
        }



        ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);
        convert_to_string_ex(dn);
        convert_to_string_ex(oldpassword);
        convert_to_string_ex(newpassword);



        ldap_dn = Z_STRVAL_PP(dn);


        oldPass.mod_op = LDAP_MOD_DELETE;
        newPass.mod_op = LDAP_MOD_ADD;

        oldPass.mod_type = "userPassword";
        newPass.mod_type = "userPassword";


        oldValues[0] = Z_STRVAL_PP(oldpassword);  oldValues[1] = NULL;
        newValues[0] = Z_STRVAL_PP(newpassword);  newValues[1] = NULL;

        oldPass.mod_values = oldValues;
        newPass.mod_values = newValues;

        /* Setup the SimplePassword server side ldap control*/
        simplePassword_control.ldctl_oid = "2.16.840.1.113719.1.27.101.5";
        simplePassword_control.ldctl_iscritical = 1;
        simplePassword_control.ldctl_value.bv_val = NULL;
        simplePassword_control.ldctl_value.bv_len = 0 ;

        ldap_controls[0]=&simplePassword_control;  ldap_controls[1]=NULL;






        /* Set the NDS Password & the Simple Password */

        if ( strlen(oldValues[0])==0 ) { 
            /* Admin Change */
            ldap_mods[0]=&newPass;
            ldap_mods[1]=NULL;
            ldap_mods[2]=NULL;
            ldap_mods[3]=NULL;
            err = ldap_modify_ext_s(ld->link, ldap_dn, ldap_mods, ldap_controls, NULL);
            err = ldap_modify_ext_s(ld->link, ldap_dn, ldap_mods, NULL, NULL);
        } 
        else { 
            /* User Change */
            ldap_mods[0]=&newPass;
            ldap_mods[1]=NULL;
            ldap_mods[2]=NULL;
            ldap_mods[3]=NULL;
            err = ldap_modify_ext_s(ld->link, ldap_dn, ldap_mods, ldap_controls, NULL);

            ldap_mods[0]=&oldPass;
            ldap_mods[1]=&newPass;
            ldap_mods[2]=NULL;
            ldap_mods[3]=NULL;
            err = ldap_modify_ext_s(ld->link, ldap_dn, ldap_mods, NULL, NULL);
        }

        if (err == LDAP_SUCCESS) { RETVAL_TRUE; }
        else {
            sprintf(tempstr,"LDAP: ERROR %i: %s",err,ldap_err2string(err)); php_error(E_WARNING, tempstr);
            RETVAL_FALSE;
        } 


}
/* }}} */




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-10-19 04:56 UTC] paca at sci dot fi
Thanks Chris for this very important patch.
Maintainers, please check this in to PHP 4.x and 5.x ASAP.
Or even better, add support for importing/exporting ldif-files. It would would be nice also... That feature could be used for this and other things.
 [2014-04-17 14:32 UTC] levim@php.net
-Status: Open +Status: Feedback -Package: Feature/Change Request +Package: LDAP related -Operating System: NA +Operating System: Irrelevant -PHP Version: Irrelevant +PHP Version: *
 [2014-04-17 14:32 UTC] levim@php.net
Is this something you are still interested in?
 [2014-04-17 16:33 UTC] chris dot brown at arlington dot k12 dot va dot us
I no longer have any use for the patch.
 [2014-12-30 10:41 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Dec 01 12:02:32 2020 UTC